DE19906432C1 - Second data stream generation method from first stream including start and functional audiovisual, data blocks, involves insertion of origination information - Google Patents

Abstract

The first start block (12) is extracted from the first data stream. A second starting block is generated for the second data stream. At least some of the first starting block is entered into the second start block. This entry includes origination information, concerning the functional data. A second functional data block is generated, containing the same functional data as that in the first stream, to obtain the second data stream Independent claim are included for equipment suitable for executing the method.

Description

The present invention relates to the Decryption of user data, such as B. audio and / or Video data, and in particular audio and / or video data, that are in the form of a data stream that Header and a user data block.

With the appearance of telecommunications networks and in particular due to the widespread use of multimedia data personal computers and more recently from so-called called solid-state players, there was a need for digital Multimedia data, such as B. digital audio data and / or digital video data, commercially available. The Telekom Communication networks can, for example, analogue telephone lines lines, digital telephone lines, such as. B. ISDN, or be the internet too. Among commercial providers of There is a need for multimedia products to provide multimedia data sell or lend, allowing a customer to do so should be in at any time from a particular catalog to be able to select a specific product individually then of course only from the customer who is responsible for it has paid, may be used.

Unlike known encrypted television programs, such as B. from the television channel Premiere, in which the out sent data for all users against a specific Appropriate decryption device purchased have been encrypted, the present Er create methods and devices that a individual, customer-selective and secure encryption and Enable decryption of multimedia data. In the opposite set to the television channels mentioned, which is a permanent pro Specify grams for which the user completely decides  The procedures and devices make it possible to separate the present invention maximum freedom of choice Customers, d. H. he only has to pay for the products, that he actually wants to use.

DE 196 25 635 C1 describes methods and devices to encrypt or decrypt multimedia data, the Multimedia data in the form of an encrypted multimedia data Tei are present, the one data block and one Has user data block. Parts of the determination data block as well as at least parts of the user data block are included under different keys are encrypted, in particular symmetrical encryption methods are used.

In the method described in DE 196 25 635 C1 Encryption or decryption of multimedia data is also a User index in a determination data block of a bit stream with encrypted multimedia data entered, the Be User identified by an encrypted multimedia may use data stream. Is through this user index only one person identified, this is the procedure only secure against unauthorized reproduction if yourself the person who has an encrypted multimedia data has acquired electricity, behaves correctly and legally. This can ever not always be ensured. Does the person which legally acquired an encrypted multimedia data stream has a duplication, the copy can no longer be seen who copied it. The origin the copy can therefore no longer be traced what is there leads to, assuming incorrect behavior, injuries tongues of copyrights are opened.

In contrast, the user index not only identifies the user zer as a person but a special player of a Be user, such as B. the PC of the user, is indeed one Security achieved in that the user, independent regardless of whether he behaves legally or illegally, the ver encrypted multimedia data stream only on the  played the player index identified player len.

The problem with this approach, however, is the fact che that it is not flexible, d. that is, the user is to a certain extent dictated by copyright protection, where he has to play the purchased multimedia data stream. It it doesn't take a lot of imagination to foresee that such a system has little acceptance on the market will find, especially when it is thought that a variety of players in a normal household located. Such can, for example, a personal computer ter, a laptop, a hi-fi stereo, a stereo in the car, a VCR, a solid state player, etc. include.  

WO 98/24206 discloses algorithms for checking the Authenticity of video images. A video picture is first manufactured as a two-dimensional pixel array, then to Purposes of data compression into a second two-dimensional nales array to be transferred. Then the two a two-dimensional array a check sum is formed. The checksum is along with information that identify the video camera that the first two dimensionally generated pixel array, and with information regarding the time at which the first two-dimensional Pixel array was created, written in a header. The second two-dimensional one then becomes the starting block Array appended to form a data stream that follows a transmission and / or storage regarding its Authenticity can be checked by using the two dimensional pixel array again a check sum det with the over transmitted in the header check sum is compared. If the at the checksums can be assumed that there has been no manipulation of the image. Do they agree do not match the two check sums, either ei manipulation has taken place, or the image has been changed a transmission error.

U.S. Patent No. 5,712,914 relates to a system and Process for managing electronic media using Copyright protection information is provided. In particular a user creates a data stream with a header and a user data block. The header includes identifi cations about the document, a digital signature for the document as well as information about permitted uses of the User data blocks. In the starting block there is also a bibliogra physical record including copyright information contain.

The object of the present invention is therefore to a flexible concept for the selective provisioning of Mul To create timediadata that is accepted on the market finds, and on the other hand, be copyright issues considered.

This task is accomplished by a method for generating a second data stream from a first data stream according to patent Claim 1, by a method for playing a second Data stream that is generated based on a first data stream was, according to claim 15, by a device for Generating a second data stream from a first data current according to claim 19 and by a device for Playing a second data stream, which is due to an er Most data stream was generated according to claim 21 ge solves.

The present invention is based on the finding that that music piracy can only be restricted by if a device-specific identification of useful data is used. This means that a User data piece that prepares in the form of a user data stream  is not licensed on a person-specific basis, but rather device-specific. However, such a system is on the market Acceptance must take the situation into account that a person usually has multiple players and that a person wants to have free choice on which player she / he is buying the multimedia piece from want to play.

At this point it should be noted that user data general multimedia data, d. H. Audio data, video data or a combination of audio and video, but also z. B. Include text data. In the following the Object of the present invention for convenience but are based on multimedia data. It is however, it is obvious that all user data for which it gives an interest in tracking their origins through which Devices and methods according to the invention processed can be.

However, this does not mean unlimited reproduction If the door is opened again, a "copy" of the Multimedia data stream for another device of a user also be device-specific. At the same time it is absolutely essential that the origin of any copy a piece of multimedia can be tracked, d. H. it should always be able to be determined beyond any doubt by who has a multimedia piece created (author, Composer), by whom it was brought into circulation (Provider, distributor, supplier) who has an intermediate copy and who may have made another intermediate copy has created etc. Only if the origin is clear can a Users of a piece of multimedia prove beyond any doubt that he legally uses the multimedia piece, or only then can one illegal users are convicted without any doubt.

It is also possible not to bind the multimedia data to a (playback) device directly, but the data to bind to a "smart card". This allows identical  Multimedia data streams held on different devices but only on the device in which the Smart Card inserted at the time can be used.

According to the present invention, therefore, a first Data stream containing a first header and a first User data block with multimedia data has a second Da generated tenstrom, which is also a starting block and has a user data block. In this second part catch block, d. H. the header of the second data stream, However, according to the present invention, at least the Parts of the first header, i.e. H. of the starting block of the first data stream, recorded the conclusions on the Allow the origin of the multimedia data. The second Nutzda tenblock includes the same multimedia data as the first User data block, d. H. the user data block of the first data current.

The header of the second data stream can essentially same format as the header of the first day have ten currents. However, it contains besides the usual type Catch block information additionally at least the informa from the first block, the conclusions on the Allow the origin of the multimedia data.

In a preferred embodiment of the present Invention becomes essentially the entire first beginning block entered in the second header. Around the two th header that has the first header To secure against manipulation, he can also use be provided with a digital signature derived from the Data from the second (current) header and beyond derived from the data of the first (old) header is. Data of the first header, the conclusions allow the origin of the multimedia data include at ei nem preferred embodiment of the present inven a supplier identifier, d. H. an identification of the Suppliers of the first data stream, for example the  Deutsche Telekom could be, as well as copyright information, the conclusions about the author or composer of the multime allow slides, as well as a user ID, d. H. a Identification of the device for which the data stream was originally has been licensed.

One advantage of the concept according to the invention is in particular the fact that it can be carried out as often as which then results in a multiple recursive header structure leads because a third data stream that starts a third block and has a third user data block in its Initial block of origin information of the second type catch blocks includes. This source information is at one the origin information of the first header and second, origin information of the second beginning blocks. In analogy to the origin information of the first Headers are source information of the second type for example, an identification of the device, for which the piece was originally from the original supplier ten, and an identifier of the device for which the "copy" was made, e.g. B. an identifier of a Car hi-fi device.

At this point it is particularly pointed out that the Copyright information of the first block also in the Header of the third data stream are present. In order to is the inventive concept to legal regulation compliant with any program or device described as illegal, which entails copyright information distant. Such legal regulations are already in the United States has become national law and it should is just a matter of time before this Regulations are also nationalized across Europe.

In a preferred embodiment of the present Invention contains the part of an old header that is in the new starting block is adopted, including license information tions that relate to the way that one  licensed multimedia piece may be used, d. H. how many times it can be played and how often it copies or whether a copy of a copy is permitted or not.

Of course, the user data block can be symmetrically ver be keyed while the key is symmetrical The encryption process in turn is encrypted asymmetrically rare. In this case, a device for generating of the second data stream from the first data stream is full constant decryption and then a full one perform constant re-encryption.

The concept according to the invention thus allows a comprehensive one Backup of a multimedia piece to a certain extent by the author or composers from over any number of copies to an end user. In addition, anyone can Time of a copy or distribution chain the origin the current copy can be completely traced, whereby the number of copies or distributions can be arbitrary is. In addition, copyright information is available at all times taken into account, whereby the copyright protection is satisfied becomes. Finally, the concept according to the invention can be efficient ent and flexibly implemented, so that it too for inexpensive players with limited memory and Processor resources are suitable for being easy to use is, and that modern customer requests for high flexibility be fully taken into account.

Figure 1 shows a multimedia data stream that can be generated according to the vorlie invention.

Fig. 2 is a more detailed representation of the header and the user data block of the encrypted multi-media data stream;

Fig. 3 is a selection of certain entries in the individual sub-blocks of the initial block;

Fig. 4 is a schematic representation of a distribution scenario;

Figure 5 is a schematic view of a data stream with re italic header structure.

Fig. 6 is a flowchart of a method for generating ei nes second data stream from a first data stream according to the present invention; and

Fig. 7 shows a method for playing a second data stream, which has been generated due to a first data stream, according to the present invention.

Fig. 1 shows an encrypted multimedia data stream 10 , which has a header or header 12 and a user data block 14 , ie a block with encrypted multimedia data. The user data block 14 comprises encrypted sections 16 and unencrypted sections 18 between the encrypted sections 16 . In addition, a multimedia data stream that can be generated according to the present invention includes a further unencrypted section 20 that follows the header 12 and is arranged in front of an encrypted section 16 .

Usually the multimedia data to be encrypted encoded in some way, e.g. B. after a MPEG standard, such as B. MPEG-2 AAC, MPEG-4 AAC or MPEG Layer-3. Therefore, it is sufficient to take certain sections of the encrypt encrypted multimedia data. this leads to at a significantly reduced processing cost both at the provider who encrypts the data, as well as at Customer who has to decrypt the data again. Moreover is only partially encrypted by the Mul Timediadaten the listening pleasure or the viewing pleasure of a user, who only uses the unencrypted multimedia data det, through the constantly occurring encrypted blocks  severely impaired.

Although FIG. 1 shows an encrypted multimedia data stream in which the header 12 is rarely arranged at the beginning of the encrypted multimedia data stream, this arrangement of the header and user data block is not intended to relate to the transmission of the encrypted multimedia data stream. The term "header" is only intended to express that a decryption device that wants to decrypt the encrypted multimedia data stream first needs at least parts of the header before the multimedia data itself can be decrypted. Depending on the transmission medium, the header could also be located somewhere within the user data block or could be received after certain parts of the user data block, for example if packet-oriented transmission of the multimedia data stream is being considered, in which different packets, one of which contains the header can and another part of the user data block th can be transmitted over different physical transmission paths, such that the order of reception does not have to correspond to the order of transmission. In this case, however, a decryption device must be able to store and reorder the received packets in such a way that information is extracted from the header to begin decryption. The encrypted multimedia data stream could also be in the form of a file or else in the form of an actual data stream if, for example, a live transmission of a multimedia event is being considered. This application will particularly occur in digital user-selective broadcasting.

The length of an encrypted portion 16 is represented by ei rate 22 nen value, while the distance in the ver-encrypted multimedia data stream from the beginning of a ver-encrypted portion 16 is referred to the beginning of the next ver encrypted portion 16 with step 24th

The length of the further encrypted section 20 is indicated by a value of first step 26 .

These values 22 , 24 and 26 are of course required for a correct decryption of the multimedia data in a decryption device, which is why they must be entered in the header 12 , as will be explained later.

FIG. 2 shows a more detailed illustration of the encrypted multimedia data stream 10 , which consists of the header 12 and the user data block 14 . The header 12 is divided into several sub-blocks, which are explained in particular with particular reference to FIG. 3. It should be noted that the number and function of the sub-blocks can be expanded as desired. In FIG. 2, individual sub-blocks of the starting block 12 are therefore only listed as examples. The same includes, as shown in Fig. 2 ge, a so-called crypt block 29 , which generally speaking has relevant information for encrypting the multimedia data. The header 12 further includes a so-called license block 30 , which has data relating to the way in which a user can or may use the encrypted multimedia data stream. The header 12 also includes a payload in fo block 32 , which may include information regarding the payload block 14 and general information about the header 12 itself. Furthermore, the header 12 may have an age header block 34 which enables a so-called recursive header structure. This block enables the user, who in addition to a decryption device also has an encryption device, to transform an encrypted multimedia data stream for other players in his possession without losing or modifying the original header information provided by the distributor. Depending on the area of application, further sub-blocks such as B. an IP information block (IP = Intellectual Property = Intellectual Property) according to ISO / IEC 14496-1, MPEG-4, Systems, 1998, which includes copyright information, are added to the header 12 .

As is common in technology, each block can have one internal block structure can be assigned, initially a The block identifier then calls the length of the sub blocks, and then the block user data perform themselves. This gives the encrypted multimedia data stream and especially the header of the encryption rarely multimedia data stream of increased flexibility, in such a way that new requirements are responded to can be that additional sub-blocks are added or existing sub-blocks can be omitted.

Fig. 3 gives an overview of the block useful data of the individual sub-blocks shown in Fig. 2.

First, the crypt block 28 is discussed. The same contains an entry for a multimedia data encryption algorithm 40 , which identifies the symmetrical encryption algorithm used in a preferred exemplary embodiment, which was used when encrypting the multimedia data. Entry 40 is believed to be an index to a table such that a decryption device, after reading entry 40 , is able to select the same encryption algorithm from a variety of encryption algorithms that the encryption device used. The crypt block 28 further comprises the entry first step 26 , the entry step 24 and the entry quantity 22 , which have already been shown in connection with FIG. 1. These entries in the header enable a decryption device to subdivide an encrypted multimedia data stream accordingly in order to be able to carry out correct decryption.

The crypt block 28 also contains an entry for the distributor or provider 42 , which is a code for the distributor who generated the encrypted multimedia slide data stream. An entry user 44 identifies the user who has acquired the encrypted multimedia slide data stream in some way from the distributor identified by the entry 42 . According to the invention, it is preferred not to use a personal user ID, since this would open the door to illegal duplications. Instead, it is preferred to carry out the user identification on a device-specific basis. The entry user would then e.g. B. include the serial number of a PC, a laptop, a car hi-fi device, a home stereo, a smart card, etc., which only allows playback on the special device. To further increase flexibility and / or security, instead of the serial number, which looks different for each manufacturer, but which could happen to be identical, a special identifier, such as B. a logical link of the hard disk size with the processor number etc. in the example of a PC.

An entry 46 contains an output value, which will be discussed in detail later. Generally speaking, this output value represents an encrypted version of the multimedia data key, which is required in conjunction with the multimedia data encryption algorithm identified by the entry 40 in order to correctly correct the encrypted multimedia data (sections 16 of FIG. 1) present in the useful data block 14 to decrypt. In order to have sufficient flexibility for future applications, the two entries output value length 48 and output value mask 50 are also provided. The entry output value length 48 indicates the length of the output value 46 . In order to obtain a flexible header format, however, more bytes are provided in the header format for the output value than an output value currently actually has. The output value mask 50 therefore specifies how a shorter output value is to a certain extent distributed over a longer output value location. For example, if the output value length is half the available space for the output value, the output value mask could be designed in such a way that the first half of the output value mask is set while the second half is covered. Then the output value would simply be entered in the space provided by the syntax for the header and occupy the first half, while the other half is ignored due to the output value mask 50 .

In the following, the license block 30 of the initial block 12 is discussed. It includes an entry bit mask 52 . This entry can have certain special information for playing or for the general way of using the encrypted multimedia data. In particular, a decryption device could hereby be informed whether or not the user data can be played locally. Furthermore, it could be signaled here whether the challenge-response method for encryption has been used, which is described in the German patent DE 196 25 635 C1 mentioned at the outset and enables efficient database access.

An expiry date entry 54 indicates the time at which the permission to decrypt the encrypted multimedia data stream expires. In this case, a decryption device will check the entry expiry date 54 and compare it with a built-in time measuring device in order, in the event that the expiry date has already passed, not to decrypt the encrypted multimedia data stream. This allows a provider to provide encrypted multimedia data for a limited time, which enables the advantage of much more flexible handling and pricing. This flexibility is further supported by an entry start date 56 , which specifies when an encrypted multimedia file may be decrypted. An encryption device will compare the entry start date with its built-in clock in order to only decrypt the encrypted multimedia data if the current time is later than the start date 56 .

An entry permitted number of plays 58 indicates how often the encrypted multimedia data stream may be decrypted, ie played. This further increases the flexibility of the provider in such a way that it only allows a certain number of plays, for example against a certain sum, which is smaller than a sum that would arise for the unrestricted use of the encrypted multimedia data stream.

To verify or support the entry allowed number of plays 58, the license block 30 further includes an entry actual number of plays 60 , which could be incremented by one after each decryption of the encrypted multimedia data stream. A decryption device will therefore always check whether the entry actual number of plays is smaller than the entry allowed number of plays. If this is the case, the multimedia data is decrypted. If this is not the case, decryption is no longer carried out.

Analogous to entries 58 and 60 , the entries permitted number of copies 62 and actual number of copies 64 are implemented. The two entries 62 and 64 ensure that a user of the multimedia data copies the same only as often as he is allowed by the provider, or as often as he paid for when buying the multimedia data. The entries 58 to 64 ensure effective copyright protection, and a selection between private and commercial users can be achieved, for example by setting the entries permitted number of plays 58 and permitted number of copies 62 to a small value.

The licensing could e.g. B. be designed so that a certain number of copies (entry 62 ) of the original is allowed, while no copies of a copy are allowed. In contrast to the header of the original, the entry block of a copy would then have a zero as the entry allowed number of copies, such that this copy is no longer copied by a correct encryption / decryption device.

In the example shown here for a multimedia data protection protocol (MMP; MMP = Multimedia Protection Protocol), the start block 12 also contains a useful data information block 32 , which here has only two block useful data entries 66 and 68 , the entry 66 having a hash Contains sum over the entire header, while entry 68 identifies the type of hash algorithm that has been used to form the hash sum over the entire header. Hash algorithms are known in the art and can be used to digitally sign a set of data such that even a minor change in the data in the set of data will result in a change in the digital signature, thereby making it simple and efficient the authenticity of the data and especially of the (non-encrypted) header can be checked.

A preferred method for generating a digital signature is to form a hash sum over the entire header and then to encrypt or decrypt it asymmetrically in order to obtain the entry 66 . In particular, the supplier would decrypt the hash sum of the entire starting block with his private key. The customer's encryption device, on the other hand, would itself form the hash sum over the entire (possibly illegally modified) header and also decrypt entry 66 with the public key of the asymmetrical encryption method and then compare the two results. If they match, the playback process will start. If they do not match, decryption / decoding / playback is not possible.

In this context, for example, the specialist book Applied Cryptography, Second Edition, John Wiley & Sons, Inc. by Bruce Schneier (ISBN 0 471-11709-9), which a detailed description of symmetrical closures algorithms, asymmetric encryption algorithms and hash algorithms.

The header 12 finally includes the age header block 34 , which in addition to the synchronization information, which is not shown in FIG. 3, has the entry age header 70 . In the entry age header 70 , if a user performs encryption himself and thus creates a new header 12 , the old header can be saved by the provider in order not to lose any essential information that the provider has entered in the header. This could include, for example, copyright information (IP information block), previous user information and distributor information, which enable the tracing back of a multimedia file, which has been decrypted / encrypted several times by different devices, for example, to the original provider, while preserving copyright information become. This makes it possible to check at any time whether an encrypted multimedia file has been acquired legally or illegally.

Fig. 4 shows a schematic block diagram of a scenario, in which the inventive concept can be used in an advantageous manner. An author or composer 100 has a multimedia piece, e.g. B. created a text, a piece of music, a film or an image. This work, which is generally referred to in this application as a multimedia piece, is delivered to a supplier 102 of multimedia data. At this point it should be particularly pointed out that the expression "multimedia data" in the sense of the present invention comprises audio data, video data or a combination of audio and video data.

The supplier ensures that the multimedia piece of the author / composer 100 comes into circulation by encoding it for example according to the MPEG Layer 3 (MP3) method. In order to achieve a customer-selective transfer of use of the coded multimedia piece, the supplier 102 will bring the coded multimedia piece into a first data stream which has a header and a user data block. A data stream as it could be used is shown in FIG. 3.

In this context, special attention is drawn to the IP information block 72 , which has user information 74 as user data which identify the author / composer or artist in general. The IP information block could, for example, be designed according to ISO / IEC 14496-1 MPEG-4 Systems, 1998. In particular, it could include the name of the author / composer / artist or the ISBN number (ISBN = International Standard Book Number), the ISRC code (ISRC = International Standard Recording Code), the ISAN number (ISAN = International) Standard Audiovisual Number), the ISMN number (ISMN = International Standard Music Number), etc. Such meta information will allow the author of the multimedia piece to be clearly identified in such a way that the enforcement of copyrights is greatly simplified by adding this meta information to the user data .

The supplier of multimedia data 102 generates a first data stream which has a first header and a first user data block. All data shown in FIG. 3 can be contained in the header, with particular reference being made to the author information (entry 74 ), the distributor identifier (entry 42 ) and the user identifier (entry 44 ). While the originator information (entry 74 ) generally represents the origin of the multimedia piece, the distributor identifier ( 42 ) clearly defines the origin of the first data stream itself, while the user identifier defines the "destination" of the first data stream, ie the device which is allowed to use the data stream and which has also paid for it, whereby on the one hand the service of the supplier 102 is paid for multimedia data and on the other hand taxes can flow to the author / composer 100 . In the first header of the first data stream, for example, a receiver PC 104 could be identified via the user identifier 44 . The first data stream can now be played on the one hand on the receiver PC 104 , but the receiver PC is also designed in accordance with the invention in such a way that it can also produce a "copy" of the first data stream in order to generate one or more second data streams that have in their header the user ID 44 of a car hi-fi device 106 a, a home hi-fi device 106 b, a solid state player 106 c etc.

Every second header will have essentially the same user data block, but the header of every second data stream, ie the second header, will be different with respect to the user identifier 44 . According to the invention, however, every second header will also contain information which enables conclusions to be drawn about the origin of the corresponding second data stream. This information can include author information, an identifier for the recipient PC 104 and an identifier for the supplier 102 of the first data stream. The second header preferably also contains license information relating to how often the multimedia piece can be played or how often it can be copied. In particular, the case could exist that, for. B. five copies are allowed, but that no copy of the copy is allowed. The entry Allowed number of copies 62 of the first header would then contain five, for example. In contrast, the entry Permitted number of copies of the second header would contain zero. Even if the car hi-fi device 106 a, the home hi-fi device 106 b or the solid state player 106 c would be designed in such a way that it could itself perform decryption or encryption, ie like the recipient PC 104 , no further copy would still be generated, ie no third data stream, since the entry 62 in the second header of the second data stream is set to zero. However, if this were not the case and if a copy of a copy would be permissible, the individual devices 106 a to 106 c could in turn generate third data streams, which would include origin information of the corresponding second data stream and of course also of the corresponding first data stream.

This results in a recursive starting block structure that can in principle be repeated as desired, as is shown schematically in FIG. 5. FIG. 5 shows an nth data stream 110 which has an nth header 112 and an nth user data block 114 . The nth header 112 again comprises an (n - 1) th header, which in turn has an (n - 2) th header, etc.

It is preferred that the supplier of multimedia data 102 ( FIG. 4) at least partially encrypts the multimedia data in the first user data block. It is preferred to use a symmetrical encryption method for encrypting the multimedia data, the key of the symmetrical encryption method in turn being encrypted asymmetrically. The asymmetrical key encrypted with the private key of the supplier 102 for the symmetrical encryption method is the output value 46 ( FIG. 3). The recipient PC 104 will therefore need the corresponding public key of the supplier 102 of multimedia data in order to decrypt the output value 46 again in order to obtain the key for the symmetrical decryption method which the supplier 102 of multimedia data also used. Now the receiver PC 104 is able to play the first data stream. If it is encoded, the receiver PC 104 decodes before playing. The order will therefore be: decrypt, decode, play.

However, the receiver PC should also be able to generate a second data stream for a special further player 106 a to 106 c. In this case, the receiver PC 104 can be configured to re-encrypt the decrypted multimedia data, a symmetrical encryption method being preferred due to speed considerations. The recipient PC 104 will in turn asymmetrically encrypt the key for the symmetrical encryption method with its private key, provide the second header with its own identifier as distributor entry 42 and the second header with the identifier z. B. the car hi-fi device as user ID 44 . Furthermore, the recipient PC 104 , since it has a different data key than the supplier 102 of multimedia data, generates a different output value which is entered in the entry 46 of the second header. In addition, the recipient PC will update the license block of the second header as desired. According to the invention, however, the same will preferably write the entire first header in the entry old header 70 such that any information of the first header is preserved and in particular the source information of the first data stream, as has already been carried out several times.

Neither the first header nor the second header nor the nth header are encrypted themselves. However, in order to protect the corresponding starting blocks from attacks, z. B. the second starting block, for example, a hash sum over the starting block according to the hash algorithm identified in entry 68 ( FIG. 3). This hash sum is preferably not only formed by blocks 28 , 30 , 32 , 72 of the second starting block, but also includes the block for the old starting block 34 . This hash sum can then be entered directly in entry 66 ( FIG. 3). To increase security, however, it is preferred to enter a digital signature for the hash sum of the second starting block here. A digital signature of the hash sum over the second header could, for example, be formed again with an asymmetrical encryption method, such that the receiver PC 104 , which generates the second data stream, uses its private key to have the hash sum over the second Initially encrypted block and writes the result in entry 66 .

The home hi-fi stereo system 106b will now first verify the second data stream by also forming a hash sum over the second header as it is fed to the home hi-fi system. Furthermore, the home hi-fi system 106 b will decode the entry 66 in the second header with the public key of the recipient PC 104 and compare the result obtained with the hash sum just calculated. If both hash sums are the same, it can be assumed that the second data stream has not been manipulated. However, if the two results differ, then a legally implemented car hi-fi device will not continue to play, since it can be assumed that unauthorized manipulations were carried out either at the second header or to a certain extent "subsequently" at the first header are.

Fig. 6 shows a flowchart for the method according to the invention for generating a second data stream from a first data stream, which is executed by the receiver PC 104 in order to transfer the device-specifically licensed first data stream to other devices ( 106 a to 106 c) ".

Basically, the receiver PC 104 will first extract the first header from the first data stream ( 116 ). In addition, the receiver PC 104 will, if possible, generate a second header for the second data stream ( 118 ). This header generated as much as possible could include all of the information of the header shown in FIG. 3 (blocks 28 , 30 , 32 , 34 , 72 ), but not yet the age header 34 . This is described in a step 120 , at least the origin information from the first header being entered in the entry 70 . For security reasons and also for implementation reasons, however, it is preferred not only to enter the source information from the first header but also the entire information from the first header in the entry 70 of the second header. This could result in certain information now being duplicated, such as: B. the copyright information 74 and information from the other blocks, such. B. First step 26 , step 24 , quantity 22 , etc. It is already apparent here, however, that the fact that the receiver PC 104 generates a complete second header in step 118 does not match the parameters of the supplier 102 either is bound by multimedia data. For example, a less complex encryption method could be used to enable the second data stream to be decrypted again with less effort by, for example, the solid-state player 106 c, which, as is known, must have limited memory and processor resources in order to be offered at low cost to be able to. From this point of view, the user data block of the second data stream could even no longer be encrypted if it is preferred.

The receiver PC 104 finally generates a second user data block for the second data stream ( 122 ) in order to finally receive the second data stream.

The flowchart in FIG. 7 generally describes a method for playing a second data stream that has been generated on the basis of a first data stream, which method could be carried out in one of the devices 106 a to 106 c. Should there be another intermediate distributor between the supplier 102 of multimedia data and the recipient PC 104 , such as, for. B. a "retailer" of multimedia, which is operated by the supplier 102 of multimedia data, which then has a wholesaler function, is arranged, the method generally shown in FIG. 7 according to the invention would already be performed from the receiver PC 104 be performed.

The method of playing can generally begin with the step of reading the second header of the second data stream ( 130 ). Thereupon the device 106a will , for example, extract the part of the first header which includes origin information, ie the age header block 34 and read the useful data of the entry 70 ( 132 ).

In order to prevent the playing of illegal pieces, the origin of the second data stream is verified in a step 134 using the origin information in the entry 70 . Such a verification could consist, for example, of checking whether there is any origin information in the second header ( 136 ). If it is found in the verification 136 that there is no origin information at all in the second header, a legally operated player according to the present invention will refuse to play and stop the operation ( 138 ). If this simple form of verification 136 determines that origin information is available and that it is also meaningful and that it is not "deception data" of any kind, the playback device according to the invention will begin or continue to play the second data stream ( 140 ).

A more complex type of verification could be to check whether the supplier identifier 42 of the second header matches the user identifier 44 of the first header. In this case, there would be no doubt that the copy in the player also comes from the corresponding home PC. Any other verification techniques with more or less effort are conceivable.

In a preferred embodiment of the present invention, it is preferred to carry out the verification via a digital signature, which includes both data of the second header and data of the first header, as described in connection with FIG. 4. Other even more complicated methods can also be used for verification, but always checking the origin of the data stream, which can either be author information, or corresponding supplier entries 42 or user entries 44 of the individual embedded starting blocks of the generally recursive starting block structure, which is generally spoken multiple times, which is illustrated in FIG .

In addition to verifying the origin of the second data stream (step 134 in FIG. 7), the playback device will preferably be implemented in such a way that it also processes the license block 30 and in particular, for example, on the basis of entries 58 and 60 with regard to the permitted or actual number of plays processed to determine whether it can still play a data stream at all. Of course, when the second data stream is encrypted, the player will use the other information of the second header in the manner described, in order to finally decrypt, decode and play back the second data stream.

Claims (22)

1. A method for generating a second data stream from a first data stream, which has a first header ( 12 ) and a first user data block ( 14 ) with user data, comprising the following steps:
Extracting ( 116 ) the first header ( 12 ) from the first data stream;
Generating ( 118 ) a second header for the second data stream;
Entering ( 120 ) at least a portion ( 42 , 44 , 74 ) of the first header into the second header, the portion of the first header comprising information that allows conclusions to be drawn about the origin of the useful data; and
Generating ( 122 ) a second user data block which has the same user data as the user data block of the first data stream in order to maintain the second data stream. 2. The method of claim 1, wherein the information that allows conclusions about the origin of the first data stream comprise an identifier ( 42 ) for a supplier of the first data stream. 3. The method according to claim 1 or 2, wherein the information that allows conclusions about the origin of the first data stream, include copyright information ( 74 ), such as. B. the author, the composer, the ISRC number, the ISAN number or the ISMN number of the user data of the first data stream. 4. The method according to any one of the preceding claims, wherein the part of the first header, which is entered in the two th header, further comprises an identifier ( 44 ) of the recipient of the first data stream. 5. The method according to claim 4, wherein the identifier is device-specific and the receiver ( 104 ) of the first data stream is a player identified by the identifier or is a smart card. 6. The method of any preceding claim, wherein the portion of the first header entered in the second header further includes license data ( 30 ) related to the manner in which a recipient ( 104 ) of the the first data stream may use the same, the license data of the first header specifying the license data of the second header. 7. The method of claim 6, wherein the license data ( 30 ) of the first header specify that the first data stream may be copied a certain number of times ( 62 ), but that no copy of a copy may be made, the step of generating ( 118 ) the second header for the second data stream includes entering second license information in the second header of the second data stream such that a copy of the second data stream may no longer be made. 8. The method according to any one of claims 4 to 7,
in which the step of generating ( 118 ) a second header includes the step of entering an identifier ( 44 ) for the recipient ( 106 a to 106 c) of the second data stream as a user ID and an identifier of the recipient ( 104 ) of the first data stream as a supplier ID ( 42 ); and
wherein the step of entering ( 120 ) at least a portion of the first header into the second header includes entering the identifier of the supplier ( 42 ) of the first data stream as the supplier identifier and entering the identifier ( 44 ) of the recipient of the first data stream as the user identifier in has a portion of the second header that is reserved for information from the first header. 9. The method according to any one of the preceding claims, further comprising the step of:
Creating a digital signature ( 66 ) for the second header including the portion of the first header and attaching the digital signature to the second header. 10. The method according to claim 9, wherein the step of providing further comprises the following substeps:
Forming a hash sum over the second header including the portion ( 34 ) of the first header using a specified hash algorithm ( 68 ); and
Encrypting the hash sum using an asymmetrical encryption method using a private key of the recipient ( 104 ) of the first data stream. 11. The method according to any one of the preceding claims, in which the user data in the user data block ( 14 ) are at least partially encrypted and encryption information is contained in the first header, where in the step of generating ( 118 ) the second starting block further comprises the following steps :
Decrypting the first payload of the first data stream using the encryption information ( 46 , 40 , 22 to 26 ) in the first header;
Encrypting the decrypted user data and entering corresponding encryption information ( 46 , 40 , 22-26 ) in the second header,
wherein the encryption information of the first header is also entered in the second header. 12. The method according to claim 11, wherein the encrypted user data in the first user data block ( 14 ) are encrypted symmetrically and the key is in turn asymmetrically encrypted using a private key, the step of decrypting comprising the following steps:
Decrypting the encrypted key ( 46 ) using the supplier's public key ( 102 ) to obtain the key for symmetric decryption ( 40 );
Encrypting a user data key of the decrypted user data using a private key of a recipient ( 104 ) of the first data stream, which executes the method for generating a second data stream; and
Enter the asymmetrically encrypted user data key in the second header ( 46 ). 13. The method according to any one of the preceding claims, wherein in the step of entering ( 120 ) the entire first header is entered in the second header. 14. The method according to any one of the preceding claims, wherein the first header itself has at least a part of a header of a data stream that relates to the origin of the first data stream, such that the step of entering a multiple recursive header structure ( Fig. 5) he gives. 15. A method for playing a second data stream, which has a second header and a second user data block and has been generated on the basis of a first data stream, which has a first header and a first user data block, at least part ( 70 ) of the first header , which has information regarding the origin of the first data stream contained in the second header, with the following steps:
Extracting ( 132 ) the portion ( 70 ) of the first header from the second header;
Verifying ( 134 ) the origin of the second data stream using the portion ( 70 ) of the first header that has information regarding the origin of the first data stream; and
with a positive result of the step of verifying ( 136 ), playing ( 140 ) the second data stream. 16. The method according to claim 15, in which a digital signature ( 66 ) is appended to the second starting block of the second data stream, which matches the part ( 70 ) of the first starting block, and in which the step of verifying comprises the following sub-step:
Verify the authenticity of the second header using the digital signature ( 66 ). 17. The method of claim 16, wherein the digital signature ( 66 ) is the result of an encryption performed by means of a private key of the device ( 104 ) that generated the second data stream, a hash sum of the second header, and at which the step of verifying authenticity has the following steps:
Decrypting the digital signature by a public key of the device ( 104 ) that generated the second data stream to obtain the hash sum of the second header;
Hashing the present header;
Comparing the hash sums;
if the hash sums match, output a positive verification result ( 136 ). The method of claim 17, wherein the portion ( 70 ) of the first header further includes license information ( 30 ) regarding how the first data stream may be used, and wherein the second header includes license data ( 30 ), which are derived from the license data of the first header, which also has the following substeps:
Comparing the license data of the second header and the first header to evaluate the authenticity of the license data of the second header;
in the case of authenticity in question, blocking ( 138 ) the playback of the second data stream. 19. Device ( 104 ) for generating a second data stream from a first data stream, which has a first header ( 12 ) and a first user data block ( 14 ) with user data, with the following features:
means for extracting ( 116 ) the first header ( 12 ) from the first data stream;
means for generating ( 118 ) a second header for the second data stream;
means for entering ( 120 ) at least a portion ( 42 , 44 , 74 ) of the first header into the second header, the portion of the first header comprising information which allows conclusions to be drawn about the origin of the useful data; and
a device for generating ( 122 ) a second user data block which has the same user data as the user data block of the first data stream in order to obtain the second data stream. 20. The device ( 104 ) according to claim 19, which is designed as a personal computer. 21. Device ( 106 a to 106 c) for playing a second data stream which has a second header and a second user data block and has been generated on the basis of a first data stream which has a first header and a first user data block, at least one Part ( 70 ) of the first header, which has information relating to the origin of the first data stream, is contained in the second header, with the following features:
means for extracting ( 132 ) the portion ( 70 ) of the first header from the second header;
means for verifying ( 134 ) the origin of the second data stream using the portion ( 70 ) of the first header having information regarding the origin of the first data stream; and
means for playing the second data stream responsive to the means for verifying ( 134 ) to play the second data stream only when the means for verifying ( 134 ) provides a positive result. 22. The apparatus of claim 21, which is designed as a hi-fi system ( 106 b), as a car hi-fi system ( 106 a), as a portable multimedia player ( 106 c), as a computer or as a component of one of the aforementioned devices.